New Model for Selling Holistic Smartphone Security

Security channel providers who help customers approach smartphone protection
in a holistic fashion could grab hold of a significant market niche if they
approach it the right way, says an industry analyst at Compliance Research
Group, which today released a
new model for implementing mobile security in the enterprise.

Meant to aid channel partners, vendors and enterprises in navigating the chaos
caused by massive user migration to highly functional computing devices such as
iPods and BlackBerry devices, CRG’s DUST model suggests that the mobile
environment cannot be fully secured without protecting four major elements:
devices, users, sessions and transactions.

“We developed the DUST model primarily because in our view there wasn’t a
practical, simple and easy-to-understand way for all of the different pieces to
fit together,” says said Mark Willoughby, principal and lead analyst at CRG.
“The jigsaw puzzle was disconnected, and there wasn’t a practical way for
either vendors or end users or channel partners and channel providers to
understand all of the pieces needed to fit together to have a complete
end-to-end solution for the emerging smartphone mobile marketplace.”

Willoughby sees the DUST model
starting at the basics with sound device security to protect against viruses,
man-in-the-middle attacks and device losses. Then organizations need to secure
the individual user activity through strong authentication. Next, session risks
associated with transit through VPNs and various portals into the cloud or
trusted network applications must be mitigated. And finally, organizations must
account for the security of transactions once the user has reached the
destination site.

“So the DUST model is a new way of viewing a complex end-to-end chain of trust
from the user through the device through the sessions through the destination
and the transaction to be conducted there," Willoughby
says.

He believes the biggest challenge today in mobile security is bridging the
security divide between consumer applications and enterprise applications that
must co-exist on the same device.

“On that same device, leaping over [from consumer applications], we have to VPN
to some secure corporate Websites in a trusted network in the cloud that
contains a lot of sensitive information,” he says. “Being able to do that
properly is going to be a big challenge.”

As enterprises try to meet those challenges, Willoughby
believes that there is a tremendous amount of opportunity for the channel to
swoop in and fill in holes within the smartphone chain of trust left behind by
a fragmented vendor landscape.

“Very few people are able to fully provide that kind of end-to-end security. Even
mobile carriers can’t provide that kind of capability for their smartphone
devices,” he says. “For aggressive and visionary channel partners, they can
quickly grab something like the DUST model to start using that to design and
market and sell pieces of the solution to fill in the gaps.”